Now is a good time to re-set your Twitter password and disable Java in your browser


27 Responses to “Now is a good time to re-set your Twitter password and disable Java in your browser”

  1. Brainspore says:


  2. Anne Onimos says:

    Seems like it’s probably an even better time to re-set your Facebook, iTunes, Google, YouTube, Pinterest, Tumblr, etc., etc. password.

    • MarcVader says:

       Dammit! I’ll have to change all these passwords from “password” to “1234password” now!! FML

    • Rindan says:

      This is a valuable lesson in why you should use a password locker of some flavor.  When one of these sites gets hacked, I just set up another random string for a password and call it a day.  If all your passwords are different, you don’t need to trust anyone to secure your password.  Toss on a layer of 2-step into your e-mail and banking stuff and you are golden.  You are not impervious to an attack, but you are far harder than most people and probably only are vulnerable if someone is specifically out to get you personally.

  3. cameronhorsburgh says:

    So 250,000 people are going to get an email claiming to be from Twitter saying their passwords have been compromised and they need to create new ones.

    Somehow, just somehow, I think a few more than 250,000 people are going to get email claiming to be from Twitter saying their passwords have been compromised and they need to create new ones. 

  4. Guysmiley says:

    There are so many zero day Java exploits in the wild, unless you have a clear need to have it enabled in your browser (and no, Minecraft doesn’t count, download the standalone) you should have it OFF.

  5. Jason says:

    It’s OK. After the last twitter compromise, I used a random-password generator. My password for twitter is now


    if you can believe that. Takes me forever to type, but there’s no way it’s going to be cracked.

    • Kimmo says:

      I seem to recall seeing something that said password length matters a lot more than special characters, so wouldn’t something like this be quite secure?


      • coop says:

         Obligatory XKCD reference:

      • David_Gervais says:

        It’s the other way round.  If you have 6 characters, all lower case, you have 26^6 possible passwords, easily brute-force broken.
        Use upper and lower case; 52^6;
        add ten digits;  62^6;
        add 10 other chars; 72^6; at present, almost unbreakable. 
        This works even better with 8 characters.

        • dragonfrog says:

           Only if you’re choosing fully at random among the character set for your password.  Which you’re not.

        • Aleknevicus says:

          I think you’ve missed what Kimmo was suggesting/enquiring about: Rather than using 6 characters chosen from a set of 72, isn’t it better to choose more than 6 characters from a set of 26?

          The answer is yes, so long as you choose 8 or more characters:

          72^6 ~= 139 billion
          26^8 ~= 208 billion

          (And importantly, as per the XKCD reference, it can actually be *easier* for a human to remember a 20-character password made up from the lowercase alphabet, than it is to remember a 10-character password made up from a set of 72.)
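
The keyspace comparison in the replies above, worked through as an added example (not part of any commenter's post). It generalizes the 72^6 versus 26^8 case to other lengths and generates passwords with a CSPRNG, since the figures only hold for uniformly random choice; all function names are illustrative.

```python
import math
import secrets
import string

def keyspace(charset_size: int, length: int) -> int:
    """Number of distinct passwords of exactly `length` characters."""
    return charset_size ** length

def entropy_bits(charset_size: int, length: int) -> float:
    """Entropy in bits, valid only for uniformly random choice."""
    return length * math.log2(charset_size)

def min_length_to_match(small_set: int, big_set: int, big_len: int) -> int:
    """Shortest length over the small alphabet whose keyspace is at least
    that of `big_len` characters over the big alphabet (exact integers)."""
    target = keyspace(big_set, big_len)
    n = 1
    while keyspace(small_set, n) < target:
        n += 1
    return n

def random_password(alphabet: str, length: int) -> str:
    """Draw each character independently from the OS CSPRNG, which is the
    condition under which the keyspace figures above actually apply."""
    return "".join(secrets.choice(alphabet) for _ in range(length))

if __name__ == "__main__":
    # Compare N characters from a 72-symbol set with lowercase-only passwords.
    for big_len in (6, 8, 10, 12):
        n = min_length_to_match(26, 72, big_len)
        print(f"{big_len} chars from 72 ({entropy_bits(72, big_len):.1f} bits) "
              f"<= {n} lowercase chars ({entropy_bits(26, n):.1f} bits)")
    # A constructed sample: 20 random lowercase letters.
    print(random_password(string.ascii_lowercase, 20))
```
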

  6. robuluz says:

    Who’s still running Java?

    • ohbejoyful says:

      The HTML interface to a lot of Oracle systems uses Java, which means lots of people in very large companies have to have it turned on, at least in one browser.

    • dragonfrog says:

      As ohbejoyful says – lots and lots of enterprise-y systems rely on Java on the desktop, to overcome the horribleness of IE 6, which the entire organization is stuck using because their online timesheet system isn’t supported on other browsers (it may work better on other browsers, but it isn’t supported).

    • Charlie B says:

      NASA.  I told them not to, but they got all pissed off.

      I am totally not kidding.

  7. Sign Ahead says:

    My computer expertise is limited to some very specific applications. Outside of those, I’m only moderately competent, so I think I missed something important in this discussion.

    Yesterday, I disabled Java (in Google Chrome) and tried navigating the web. Most of the sites I use regularly, for work and entertainment, stopped working. There were key functions I simply couldn’t use without Java enabled. Is there a workaround for this? Or is it simply a choice between usability and safety?

    • Aleknevicus says:

      Make sure you’re not mistaking Javascript for Java (they’re not the same). The former is very commonly used, the latter much less so. You’d have to have very out of the ordinary browsing habits if most of the websites you use require Java.
